Tips for Communicators

Last updated: September 19, 2024
Students walking on University Blvd Vancouver Campus

Designing a Communication That Will Not Be Mistaken As a Phishing Message

Putting together a survey invite, newsletter or other communication for the UBC community that does not confuse faculty and staff can be difficult, especially when UBC Cybersecurity is spending time training employees on what to report. However, there are some common items that faculty & staff typically look for in ascertaining whether a message is trustworthy. When taken into consideration while developing communications and survey invites, the following checklist can be used as a guide to increase the success rate of recipients accepting communications as legitimate:

Sender Address

Where is the communication being sent from?

The communication should be distributed from an @ubc.ca email address and should be recognizable as authoritative for the target audience.

A [CAUTION: Non-UBC Email] warning tag will be added to the top of external email messages to remind recipients to verify the authenticity of the email before clicking on any hyperlinks, opening any attachments, forwarding or responding. The tag is not an indicator that an email is phishing, fraudulent or spam.

UBC communicators that utilize third-party email-sending services can request that the External Email Security Warning Tag not be applied to their legitimate notifications.

It is important to note that exemptions will not be provided for entire services or systems. Instead, exemptions are based on the service’s IP address(es), combined with the sending email address(es) used by the service for incoming emails to UBC. To exempt a service, we require a complete list of the email addresses that the service uses to send emails to UBC mailboxes on behalf of the UBC unit.


Branding

Does the communication use UBC Common Look and Feel (CLF)?

Banners and formatting using UBC branding can increase the legitimacy of your communication.


Salutations

Is the communication being sent to a named person?

Wherever possible your communication should be sent to a named individual to personalize the message and increase legitimacy.

 

Staff member reviewing email on computer monitor

Use of Links

Is it necessary to include a link in your communication?

Does your communication instruct recipients to visit a commonly used website or log in to an application they are familiar with to discover more details about the subject of your communication?

Is it possible to provide instructions about where to find the information instead of including a hyperlink?

  • “Please log into [ ] and review your notifications.”
  • “Visit [title of website] for more information.”

Is it necessary to include a URL in your communication?

If the inclusion of a URL is necessary, in an effort to discourage users from instinctively clicking on links in emails, we encourage staff and faculty to break the URLs in their emails by using hxxp in the prefix instead of HTTP.

When sending mass internal communications, we recommend including the brief disclaimer: “Think before you click - copy and paste the URL into your browser and replace hxxps with https.”

 

Staff working at the Centre for Interactive Research on Sustainability

Avoid Fear, Uncertainty and Doubt

Does the email contain a message which is creating fear, uncertainty, and/or doubt?

Do not include a sense of urgency or a fear of something bad happening, like the loss of access to a service if the recipient does not act immediately or a benefit if they do.

 

Signatures

Is the message signed by someone of authority?

Communications should be sent by someone of authority, such that if the recipient has a question or concern they know who to connect directly with.

Sustainability staff in meeeting

In cases where it is not appropriate to provide a signatory, such as an initiative or program, include the name of the program along with a general email address that is regularly monitored.


Branding

Does the communication use UBC Common Look and Feel (CLF)?

Banners and formatting using UBC branding can increase the legitimacy of your communication.

 

Safety Awareness Week

Crafting a Survey

When designing your survey, you should only request the minimum amount of information required from respondents to provide statistically meaningful data.

You should only request personal information from respondents where it is required to provide validity and/or to strengthen the analysis and results of the survey data.

Never request passwords or passcodes from respondents.


Go Further...


UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning